Public Service: Identifying a Craigslist Scam
Friday, March 23, 2012 at 5:24PM I received a message today from robot@craigslist.org that tripped my scam alert. If you look at the message, and the fact that it's coming from what looks to be a authentic email address, it would be easy to be fooled by this one, because Craigslist does in fact use a robot to confirm listings. However, that robot usually sends a message right after you post your listing, not a week afterwards. And this looks similar to that message, but something seemed to be off. What reallly got me to doubt it wasn't the multiple exclamation marks, but the use of the word "ADD" for advertisement.
So I looked at the email message header, and found the scam in the reply-to line:
Reply-To: "craigslist - automated message, reply for verification" robot@crajgsljsts.org
How does the scam work? I did my due diligence and came up with the following scenario from someone who feel for this:
You respond to the message with your post information. This allows the scammer to replace your post with their for sale post, which now looks like it is coming from you instead of them, thus giving it a legitimacy they wouldn't have had, and possibly also making it look like the advert is local.
The original message is reposted below so others who do a search may find this based on the text in the scam and not fall for it.
DEAR email_address
IMPORTANT - FURTHER ACTION IS REQUIRED TO PUBLISH YOUR (cars & trucks - by owner) ADD ONLINE - HUMAN VERIFICATION!!!
YOUR POSTING IS CURRENTLY HELD FOR VERIFICATION!!!
REPLY US YOUR CITY/STATE AND THE POST/EDIT/DELETE LINK FROM THE MESSAGE YOU RECEIVED EARLIER WITH SUBJECT LINE POST/EDIT/DELETEHere are the steps you need to follow:
Find the message with the POST/EDIT/DELETE subject line
Copy the POST/EDIT/DELETE link.
Reply to this message by putting your POST/EDIT/DELETE link and your location: City/State in which you posted the ADD in the subject line.
Deliver us the message for human verification by pressing the SEND button in order to reactivate your posting.You will find your POST/EDIT/DELETE link in an earlier message sent by us with this subject line: POST/EDIT/DELETE. You need to copy your entire link, paste it in the subject line of this message and reply to us.
*** HUMAN VERIFICATION IS A MECHANISM TO PREVENT SPAMMING ON CRAIGSLIST!!!
This is an attempt to ensure that the response is generated by a person.This message was sent to prevent automated software from performing actions which degrade the quality of our services, also this action is required to minimize automated posting on craigslist (cars & trucks - by owner). Human Verification Posting is sometimes required for posting on craigslist. Your posting is currently held for verification. Follow the instructions, and your posting will be verified and approved to go online on craigslist.
Your posting will expire off the site 45 days after it was created.WARNING!! *** WARNING!! *** WARNING!! *** WARNING!!
Please be wary of distant 'buyers' responding to your ad! Many sellers receive replies from scammers hoping to defraud them through schemes involving counterfeit cashier's checks and/or wire transfers. These checks will clear the bank, but the person cashing the check will be held responsible when the fraud is discovered.
More info on scams can be found at this web address: http://www.craigslist.org/about/scams
Thanks for using craigslist!
Craigslist, public service, scams in interactive 
Reader Comments (5)
Glen great blog! I wanted to let you know this actually happened to me today 4/21 in Chicago right after I posted a new CL ad to sell my car. Earlier on my previous ad posts from a few weeks ago I did the human verification with my cellphone so I thought it was strange to get the new emails asking for more verification.
Good catch with the spelling error, ADD for advertisement. Also notice the grammar, REPLY US YOUR CITY, instead of Reply to us. It's obvious they tried to copy/paste the original CL message but this just ends up looking sloppy enough to raise the hairs on the back of my neck.
Thanks for raising the awareness level about CL spam.
I just got one of these emails and was about to reply when i figured id research "craigslist HUMAN VERIFICATION emails". Thanks for the post, i also found in there email they spelled craighljst.org with a "j". Good eye..
I think this scam may have happen to me. When I send emails out to my contacts the email states that it if from craigslist. Is this one of the scams?, if so how can I fix it?
One to be more careful of, is the "post flagged for removal" one that asks you to run an executable. Make special note that it's harder to see the wrong email as it is from
robot@craiqslist.com. A q instead of a g, it's a lot harder to see the difference if your not looking.
That's a SCAM for sure do not open any zip files with the email or do not click any photos or anything like that came with the email,hackers can hide commants inside those files so when you click it the commant will be activated and hacker or SCAMMER whatever that person call him or her self will be controlling your computer remotely,they can read your email ,even can go to all your files inside the computer with that remote controlling commants ,DO NOT OPEN ANY FILES CAME WITH THE EMAIL, just copy that SPAM email and go to your MAIL OPTIONS and block the email.Iam part of ANONYMOUS TEAM ,listen to my advice and be smart and DO NOT OPEN ANY FILE CAME WITH THE EMAIL OR DO NOT EMAIL THEM BACK